447 matches found
CVE-2020-35580
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBl...
CVE-2020-35580
Summary: CVE-2020-35580 is a local file inclusion vulnerability in the SearchBlox FileServlet (versions before 9.2.2). The issue allows remote, unauthenticated attackers to read arbitrary files from the OS (via /searchblox/servlet/FileServlet?col=url=) and may expose the SearchBlox configuration ...
Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)
Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Human Resource Information System 0.1 Cross Site Scripting
Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Human Resource Information System 0.1 - (First Name) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
150,000 Verkada security cameras hacked—to make a point
Hackers were able to gain access to camera feeds from Verkada, a tech company that specializes in video security and physical access control, to demonstrate how prevalent surveillance is, reports say. Unfortunately, it also exposed the inner workings of hospitals, clinics, and mental health...
CVE-2020-23722
An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuelid" parameters...
CVE-2020-4685
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos...
UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass
Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Date: 2020-07-23 Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3...
UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation
UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3 Summary: Medivision is a service that provides everything from DID operatio...
UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery
input type="hi...
UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications...
UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin
Summary Medivision is a service that provides everything from DID operation to development of DID Digital Information Display optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...
WordPress WP Forms 1.5.8.2 Cross Site Scripting
Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...
Vulnerability of ACE Mingyi's O&M Audit Risk Control System to overstepping of authority
DASUSM is an audit and risk control system based on the theory and practical experience of operation and maintenance security management, combined with the requirements of various laws and regulations e.g., level protection, SOX, PCI, enterprise internal control management, hierarchical protectio...
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0 Tested...
Computrols CBAS-Web 19.0.0 Cross Site Request Forgery
Computrols CBAS-Web 19.0.0 CSRF Add Super Admin CVE: CVE-2019-10847 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Discovered by Gjoko 'LiquidWorm' Krstic history.pushState'', 't00t', 'index.php'...
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
CVE-2016-10947
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin...